Cisco WS-CE500 - Page 149

240 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring VPN

Advanced Configuration of IPsec VPN

Cisco SA500 Series Security Appliances Administration Guide 149

7

STEP 2 To add a VPN policy, click Add.

Other options: Click the Edit button to edit an entry. To delete an entry, check the

box and then click Delete. To select all entries, check the box in the first column of

the table heading.

After you click Add or Edit, the VPN Policy Configuration window opens.

STEP 3 In the General area, enter the following information:

• Policy Name: Enter a unique name to identify the policy.

• Policy Type: Choose one of the following types:

- Auto: Some parameters for the VPN tunnel are generated automatically.

The IKE (Internet Key Exchange) protocol is used to perform negotiations

between the two VPN endpoints. To create an Auto VPN Policy, you need

to first create an IKE policy and then add the corresponding Auto Policy

for that IKE Policy.

- Manual: All settings (including the keys) for the VPN tunnel are manually

input for each end point. No third party server or organization is involved.

• Select Local Gateway: If you configured the Optional Port for use as a WAN

port, choose which WAN interface will act as one end of the tunnel:

Dedicated WAN or Optional WAN.

• Remote End Point: Choose to identify the remote end point by the IP

address or the Internet Name/FQDN of the remote gateway or the client PC.

Also enter the IP address or the Internet Name/FQDN in the field below the

drop-down list.

• Enable NetBIOS: Check this box to enable NetBIOS, which is a program that

carries out name resolution. This option allows NetBIOS broadcasts to travel

over the VPN tunnel.

• Enable RollOver: This option is applicable if you have two ISP links and if

you have enabled Auto-Rollover (see Configuring Auto-Rollover, Load

Balancing, and Failure Detection, page 57). In this case, you can check the

Enable RollOver box to ensure that VPN traffic rolls over to the backup link

whenever the primary link fails. The security appliance will automatically

update the local WAN gateway for the tunnel based on the optional WAN link

configuration. For this type of configuration, Dynamic DNS has to be

configured because the IP address will change due to failover. See Dynamic

DNS, page 76.

Table of Contents

Related product manuals

Preview: Cisco Linksys WES610N

Cisco Linksys WES610N

Preview: Cisco ASA

Preview: Cisco 5400

Preview: Cisco 1600

Preview: Cisco ONS 15454

Cisco ONS 15454

Preview: Cisco 1000 Series

Cisco 1000 Series

Preview: Cisco Linksys NSLU2

Cisco Linksys NSLU2

Preview: Cisco Firepower 9300

Cisco Firepower 9300

Preview: Cisco MERAKI MX85 Series

Cisco MERAKI MX85 Series

Preview: Cisco Catalyst 8300 Series

Cisco Catalyst 8300 Series

Preview: Cisco Firepower 1010 Series

Cisco Firepower 1010 Series